Cyber Incident Victim: CAH Holdings Inc.
Date: Nov 2019
Location: United States of America
Summary
CAH Holdings experienced a security incident involving unauthorized access to certain employee email accounts, potentially exposing personally identifiable information and protected health information including names, medical treatment details, diagnoses, and health benefits data. A limited number of individuals also had addresses, dates of birth, and Social Security numbers compromised. Forensic investigators confirmed the breach but could not determine specific emails or attachments accessed by the threat actor. The company implemented corrective measures such as global password resets, multi-factor authentication deployment, enhanced spam filtering, cybersecurity staff augmentation, and employee retraining on phishing recognition. Affected individuals were offered complimentary credit monitoring and identity theft protection services, while leadership emphasized their commitment to preventing future incidents and protecting customer privacy.
Description
On or around November 15, 2019, CAH Holdings Inc. (CAH) discovered a data security incident involving unauthorized access to certain employee corporate email accounts. The Birmingham, Alabama-based company engaged independent computer forensic specialists to investigate the breach’s scope and origin. Forensic analysis confirmed an unauthorized actor had infiltrated some email accounts but could not determine which specific emails or attachments were accessed or exfiltrated. Subsequent review of the compromised accounts revealed they contained limited personally identifiable information (PII) and protected health information (PHI), including patient names, medical treatment histories, diagnoses, and health benefits details. A smaller subset of affected individuals also had their addresses, dates of birth, and Social Security numbers exposed through the breached accounts. CAH stated it found no evidence of actual misuse of the compromised data but acknowledged the potential risk to individuals’ privacy and security due to the sensitivity of the exposed information.

In response, CAH implemented multiple corrective measures to address vulnerabilities and prevent recurrence. The company initiated a global password reset across its systems, enabled multi-factor authentication for account access, and strengthened spam filtering capabilities. Organizational changes included hiring a Chief Information Security Officer to oversee enhanced security protocols. All employees received retraining on cybersecurity best practices, with emphasis on identifying and reporting suspicious emails. Affected individuals were offered complimentary one-year subscriptions to ID Experts® credit monitoring and identity theft protection services, including credit surveillance, identity detection, and resolution support. CAH established a dedicated call center (833-953-1522) operating during Central Time business hours for impacted parties to verify their involvement in the incident. CEO Grantland Rice publicly acknowledged the breach, expressing regret over potential concerns while reaffirming CAH’s commitment to client trust and information security through ongoing policy and training reviews.
